At Sacred Willow we take your personal data very seriously and that's why we want to let you know why and how we collect and
store your personal details in accordance with GDPR legislation that came into effect on 25th May 2018.
HOW WE COLLECT YOUR DATA
We collect your data in several ways at Sacred Willow, as detailed below;
1. In the salon - using a printed 'client consulation form', further details of all information collected can be found below under the heading 'What personal data we collect and why'. We then store your name, address, date of birth, email address, treatment history and any medical alerts in a secure locked filing cabinet.
2. 'Contact form' - this is a contact form on our website for you to use in order to contact us with enquiries. We ask for your name, email address and to leave a message, you will NOT be added to our mailing list for using this facility.
3. Social media - you may contact us via Facebook messenger or other social media platforms and we will reply to your message but we DO NOT PAY TO, OR USE YOUR PERSONAL DATA FROM SOCIAL MEDIA.
WHAT PERSONAL DATA WE USE AND WHY
When arriving for your appointment at the salon we will ask you to complete a client record card. We require the following personal details from you and have a given legal reason why we need these;
1. Your full name - so we can address you in the salon and ensure all communication is with the correct person.
2. Date of birth - to help us distinguish two clients with identical names and also for the emergency services in the case of an emergency whilst at the salon.
3. Address - to aid the emergency services in the case of an emegency whilst at the salon.
4. Email address - to send email invoices for services you have received at Sacred Willow.
5. Medical history - including operations you may have had, any diseases, medical disorders; medical history is crucial to allow us to perform our treatments safely and ahere to the terms of our insurance.
6. Allergies - to ensure nothing our staff use during a treatment or around you at the salon can cause you harm, irritation or other complications and to adhere to the terms of our insurance.
7. Medication - some medication can be a contradintradition to treatment or react with the products that our staff use. It is essential we know these details to protect you and ahere to the terms of our insurance.
8. Patch tests - this is a skin test that staff carry out in the salon to test for potential allergic reactions to certain treatments. We keep these results on file so that all therapists know you are able to have a specific treatment and in the event of a reaction we know what was used and when.
9. Treatment history - this record is kept so that each therapist can see what was used and how the last therapist carried out the treatment that you received to ensure delivery of the treatment and results are consistent amongst all staff.
10. Your consent - we require you to read and sign a paragraph that allows us to obtain this information lawfully from you and safely store it in accordance with GDPR.
11. Your contact preferences - if you wish to be on our mailing list you must opt in so that when we send you our newsletters and special offers we are GDPR compliant.
12. Your consent to use treatment imagess - some of our treatments involve before and after photographs which will be taken on salon devices to aid the client experience and as proof of progress/treatment. Sometimes we like to use these images on our social media platforms and website and need your permission to do so. Images are mainly, but not limited to nails and eyelashes.
13. Your signature - to prove that it was you; the client, that was present in the salon and that you answered all of the above points to the best of your knowledge and honestly. That you agreed to Sacred Willow holding your personal data on our digital online booking system database (Shedul) and on paper format in our securly locked filing cabinets.
HOW YOUR DATA IS STORED
Your data is in digital and paper format at Sacred Willow. Paper copies of consultaion forms are stored alphabetically in a securly locked filing cabinet that only staff of Sacred Willow have access to when required. Digital information is stored using the Shedul online booking system database with cloud software and is password protected. Only Sacred Willow staff have this password and certain areas are restriced even further, to management only.
Electronic devices at Sacred Willow comprise of an HP computer to operate the online booking system database Shedul software and an Andriod phone, both of which are password protected.
HOW LONG DO WE HOLD YOUR PERSONAL DATA?
We will hold your personal data for up to 7 years. In order to continue to provide our clients with the best service possible we need these records to record treatments performed, reactions, preferences, patch tests, products used etc.
With a large client base, we do need a little help and do use a third party to deliver our email confirmation, 24 hour reminders, failure to show notices, newsletters and emails. We use Mail Chimp and our online booking system database Schedul software and on occasion the proprietor; Kerry Lamerton, to send all client communication. We DO NOT sell or share your personal data with anyone else. No other third party including our accountant has access to your personal data. Shedul are currently checking and updating all their policies and security in accodrance with GDPR.
YOUR RIGHT TO ACCESS OR CHANGED YOUR MIND?
Your data processor and data controller for Sacred Willow is either Kerry or Simon Lamerton. In the event of a breach of personal data you will be contacted by either of the above mentioned members of staff within 72 hours of discovery. If you wish to make a complaint please address it in writing to either of the above members of staff at our Milton address.
You have the right to be forgotten; if at anytime you no longer wish to be on Sacred Willow's database please send an email to Kerry or Simon Lamerton at and we will remove your digital file and then cross shred your paper file. We will also ensure that if you are oped onto our mailing list that this preference is also removed.
You have the right to acces your perosnal data that Sacred Willow holds and the right to rectification if it is incomplete inorrect or out of date.
You also have the right to data portabililty, if you wish us to transfer some of your personal data, for example; patch test results if you are moving to another salon. You also have the right to object to processing and direct marketing. Your data can remain in one place but not used.
UP TO DATE RECORDS
Should your personal data change at anytime, for example; contact details or home address, please ensure you inform staff at Sacred Willow so that your records remain up to date at all times in compliance with GDPR, thank you.